Recent rest-server versions don’t start if no htpasswd file is found unless --no-auth was passed. Please run rest-server with the --log filename flag to get a log of the http requests. That should show whether nginx or the rest-server causes the 401 errors.
Does the password contain any special characters that might need escaping? To hide the repo url and credentials from ps / top it’s a good idea to use restic --repository-file file-with-the-url.
Which rest-server and restic version are you using?